﻿namespace CoreClass
{
    using System;
    using System.Collections.Specialized;
    using System.Web.UI;

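    /// <summary>
    /// Request-screening helper wrapped around a page: rejects query-string, form and
    /// free-text values that contain a small blacklist of SQL-looking tokens, and refuses
    /// requests whose HTTP Referer does not point at this server.
    /// </summary>
    /// <remarks>
    /// Every rejection is reported by registering a client-side script on the wrapped page.
    /// The token blacklist is a coarse filter only; it does not replace parameterized
    /// queries at the data-access layer, and the Referer check is a weak signal (the
    /// header can be absent or spoofed) rather than a CSRF defense on its own.
    /// </remarks>
    public class Check_sql : Page
    {
        /// <summary>
        /// Tokens that cause a request value to be rejected when found anywhere in it.
        /// Matching is ordinal and case-insensitive. NOTE(review): "delete%20from" only
        /// matches the still-encoded form; the decoded text "delete from" is not in the list,
        /// although the user-facing message names "delete" as forbidden.
        /// </summary>
        private static readonly string[] ForbiddenTokens =
        {
            "'", "and", "select", "update", "chr", "delete%20from", ";", "insert", "mid", "master."
        };

        /// <summary>Script shown when a forbidden token is found; sends the browser back one page.</summary>
        private const string ForbiddenInputScript =
            "<Script Language=JavaScript>alert('\u51fa\u73b0\u9519\u8bef\uff01\u5728\u4f60\u8f93\u5165\u7684\u5185\u5bb9\u4e2d\u4e0d\u8981\u51fa\u73b0\uff1a"
            + "\n\n ;,and,select,update,insert,delete,chr \u7b49\u975e\u6cd5\u5b57\u7b26\uff01');location.href='javascript:history.back()';</Script>";

        /// <summary>Script that closes the current browser window after a Referer failure.</summary>
        private const string CloseWindowScript = "<script language=javascript>window.opener=null;window.close();</script>";

        /// <summary>The page whose request is inspected and on which client scripts are registered.</summary>
        protected Page thisPage;

        /// <summary>
        /// Wraps <paramref name="sPage"/> and immediately runs <see cref="urlCheck_sql"/>
        /// (Referer and query-string screening) as a constructor side effect.
        /// </summary>
        /// <param name="sPage">The page to screen; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sPage"/> is null.</exception>
        public Check_sql(Page sPage)
        {
            if (sPage == null)
            {
                throw new ArgumentNullException("sPage");
            }

            this.thisPage = sPage;
            this.urlCheck_sql();
        }

        /// <summary>
        /// Screens every value of the posted form (all values of a multi-valued key, not just the first).
        /// </summary>
        /// <returns><c>true</c> when no forbidden token is present; otherwise registers the
        /// rejection script on the page and returns <c>false</c>.</returns>
        public bool Check_From_Sql()
        {
            return this.CheckCollection(this.thisPage.Request.Form);
        }

        /// <summary>
        /// Screens a single text value. The comparison is case-insensitive, matching the
        /// form and query-string checks; a null or empty value is accepted.
        /// </summary>
        /// <param name="from_text">The text to inspect.</param>
        /// <returns><c>true</c> when no forbidden token is present; otherwise registers the
        /// rejection script on the page and returns <c>false</c>.</returns>
        public bool Check_Text_Sql(string from_text)
        {
            if (ContainsForbiddenToken(from_text))
            {
                this.RejectInput();
                return false;
            }

            return true;
        }

        /// <summary>
        /// Registers a client-side alert showing <paramref name="p_strShowMessage"/>.
        /// The text is escaped as a JavaScript string literal so that quotes, line breaks
        /// or a "&lt;/script&gt;" sequence in the message cannot break out of the alert.
        /// </summary>
        /// <param name="p_strShowMessage">Message text to display; null is shown as an empty alert.</param>
        public void showMessage(string p_strShowMessage)
        {
            string safeText = EscapeForJavaScriptString(p_strShowMessage);
            this.thisPage.RegisterStartupScript("01", "<script language=javascript> alert('" + safeText + "')</script>");
        }

        /// <summary>
        /// Rejects the request when the Referer header is missing or names a different host
        /// than SERVER_NAME, then screens every query-string value.
        /// </summary>
        /// <returns><c>true</c> when the request passes all checks; otherwise registers the
        /// matching warning/close scripts on the page and returns <c>false</c>.</returns>
        public bool urlCheck_sql()
        {
            string referer = this.thisPage.Request.ServerVariables["HTTP_REFERER"];
            if (string.IsNullOrEmpty(referer))
            {
                this.showMessage("\u8b66\u544a\uff01\u4e0d\u5141\u8bb8\u901a\u8fc7Url\u63d0\u4ea4\u6570\u636e\uff01\uff01\u9875\u9762\u5373\u5c06\u5173\u95ed\uff01\uff01");
                this.thisPage.RegisterStartupScript("02", CloseWindowScript);
                return false;
            }

            string serverName = this.thisPage.Request.ServerVariables["SERVER_NAME"];
            if (!RefererMatchesHost(referer, serverName))
            {
                this.showMessage("\u8b66\u544a\uff01\u4f60\u6b63\u5728\u4ece\u5916\u90e8\u63d0\u4ea4\u6570\u636e\uff01\uff01\u9875\u9762\u5373\u5c06\u5173\u95ed\uff01\uff01");
                this.thisPage.RegisterStartupScript("02", CloseWindowScript);
                return false;
            }

            return this.CheckCollection(this.thisPage.Request.QueryString);
        }

        /// <summary>
        /// Returns <c>true</c> when <paramref name="text"/> contains any entry of
        /// <see cref="ForbiddenTokens"/> (ordinal, case-insensitive). Null or empty text
        /// never matches.
        /// </summary>
        /// <param name="text">The value to inspect.</param>
        public static bool ContainsForbiddenToken(string text)
        {
            if (string.IsNullOrEmpty(text))
            {
                return false;
            }

            foreach (string token in ForbiddenTokens)
            {
                if (text.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Compares the host of an absolute Referer URL with the server name. Parsing with
        /// <see cref="Uri"/> instead of a fixed 7-character offset handles "https://" and
        /// short or malformed headers without throwing, and comparing the whole host (rather
        /// than a prefix) keeps "host.example.evil" from matching "host.example".
        /// </summary>
        /// <param name="referer">Raw Referer header value.</param>
        /// <param name="serverName">Value of the SERVER_NAME server variable.</param>
        private static bool RefererMatchesHost(string referer, string serverName)
        {
            if (string.IsNullOrEmpty(serverName))
            {
                return false;
            }

            Uri refererUri;
            if (!Uri.TryCreate(referer, UriKind.Absolute, out refererUri))
            {
                return false;
            }

            // NOTE(review): for IPv6 literals Uri.Host is bracketed; confirm SERVER_NAME uses the same form.
            return string.Equals(refererUri.Host, serverName, StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Screens every value in <paramref name="values"/>; the first forbidden token found
        /// registers the rejection script and stops the scan.
        /// </summary>
        /// <param name="values">Form or query-string collection; null is treated as empty.</param>
        /// <returns><c>true</c> when every value is clean.</returns>
        private bool CheckCollection(NameValueCollection values)
        {
            if (values == null)
            {
                return true;
            }

            for (int index = 0; index < values.Count; index++)
            {
                // GetValues can return null for a key posted without a value.
                string[] entries = values.GetValues(index);
                if (entries == null)
                {
                    continue;
                }

                foreach (string entry in entries)
                {
                    if (ContainsForbiddenToken(entry))
                    {
                        this.RejectInput();
                        return false;
                    }
                }
            }

            return true;
        }

        /// <summary>Registers the "forbidden input" alert-and-go-back script on the page.</summary>
        private void RejectInput()
        {
            this.thisPage.RegisterStartupScript("03", ForbiddenInputScript);
        }

        /// <summary>
        /// Escapes <paramref name="text"/> for use inside a single-quoted JavaScript string
        /// literal embedded in HTML: backslash, both quote characters, CR/LF and the angle
        /// brackets (so an embedded "&lt;/script&gt;" cannot terminate the script element).
        /// </summary>
        /// <param name="text">Text to escape; null yields an empty string.</param>
        private static string EscapeForJavaScriptString(string text)
        {
            if (string.IsNullOrEmpty(text))
            {
                return string.Empty;
            }

            // Backslash first, so the escapes added below are not themselves doubled.
            return text
                .Replace("\\", "\\\\")
                .Replace("'", "\\'")
                .Replace("\"", "\\\"")
                .Replace("\r", "\\r")
                .Replace("\n", "\\n")
                .Replace("<", "\\x3C")
                .Replace(">", "\\x3E");
        }
    }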
}

